xz backdoor caught my Microsoft engineer who noticed 500ms lag π€―
Such a crazy story, the backdoor was such a big security flaw in such wide use libraries across Linux and macOS. Andres, the Microsoft engineer instinctually investigated the slowness of the library and found the backdoor. He writes:
"I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.
Really required a lot of coincidences."
Maybe that engineer on your team that goes crazy about every single performance regression will one day they will save the world.

Unlock by Signing Up!
Create a free account to view all comments, posts, and more!